Proposal: Enable Modernization of Plugins in Private Repositories #318

gounthar · 2024-10-10T12:46:36Z

Current Situation

Currently, our modernization process relies solely on the update center to retrieve plugin repositories for modernization efforts.

This approach limits our ability to modernize certain types of plugins:

Plugins with security issues that have been forked into private repositories for resolution
Plugins developed by private companies that are not (yet) part of the jenkinsci organization
Proprietary plugins that will remain outside the jenkinsci organization

We propose expanding the modernization capabilities to include plugins in private repositories. This could be achieved by:

Allowing the use of repository URLs as input for the modernization process
Implementing a mechanism to authenticate and access private repositories using appropriate environment variables

To implement this feature, we would need to:

Modify the input process to accept repository URLs in addition to plugin names
Develop a secure method for handling authentication credentials (e.g., using environment variables)
Ensure the tool can clone, fork, and create pull requests for private repositories
Update documentation to reflect these new capabilities and explain the setup process

This enhancement would:

Increase the tool's flexibility and usefulness
Enable faster resolution of security issues in plugins
Support companies with proprietary plugins in keeping their extensions up-to-date

What security measures should we implement to protect authentication credentials?
How can we ensure the tool remains easy to use while adding this functionality?
Are there any potential drawbacks or risks associated with this approach?

We welcome your thoughts and feedback on this proposal to help shape the future development of our plugin modernization tool.

No response

No response